Business email compromise becomes the main cause of cyber insurance claims

In 2018, business email compromise (BEC) accounted for 23% of cyber insurance claims received from Europe, the Middle East and Asia, according to statistics released by AIG.

Ransomware at 18% and data breaches at 14% of total claims were
relegated to second and third places. Total claims in 2018 amounted to
more than those in 2016 and 2017 combined.

Insurers in the US now advise victims to pay ransom demands and then
make a cyber insurance claim. As a result, insurance companies are
making smaller payouts to cover ransom costs rather than large payments
to cover the price of completely rebuilding a compromised network.

Whether or not to pay a ransom is a decision for the company affected.

AIG also noted an impact on claims caused by the General Data
Protection Regulation (GDPR) brought in by the European Union in 2018.
Companies are making claims to offset some of the costs of the fines
they face after reporting a data breach as is required under the
legislation. Some 20% of claims cite GDPR notification.